Since the inception of the iPhone in 2007, the number of smartphone users has grown leaps and bounds. Experts estimate that over 60% of Americans own and use smartphones. The explosion of compelling apps, bigger screens with better resolution, expanded memory, and the evolution of user interfaces make it easy to perform tasks with a smartphone that used to be done from a computer, over the phone, or face-to-face. Today, smartphones are used more for surfing the web, checking email, snapping photos, and updating our social media status than actually making calls.
Smartphones in the Workplace
Forward-thinking organizations are adapting their technology to accommodate this trend by issuing smartphones or enabling employees bringing their own devices into the workplace (BYOD). These devices can access, transfer, and store confidential information. Smartphones are also frequently used outside the confines of the corporate environment, and many are used for both business and personal purposes. Smartphones are becoming more ubiquitous and commonplace at work, forcing organizations to consider the ramifications of enabling smartphone users to access their networks and apply the appropriate organizational risk management policies.
Smartphone Vulnerabilities
If you have mobile workers who rely on their smartphones for day to day activities, your organization needs policies in place that protect your data. Because smartphones get used on public unsecured networks they are more accessible to hackers and a popular target for malicious activity. Most Smartphones have cellular, Wi-Fi, and Bluetooth access giving hackers additional attack vectors. Additionally, because of their compact size smartphones regularly get lost or stolen.
Implementing Smartphone Policies
So, what can organizations do to protect sensitive information while making organizational data easily accessible to workers using smartphones? Implementing clear guidelines for smartphone use will help you maintain the strict controls that are necessary to safeguard your data. Smartphone users need to be aware of your policies and be willing to follow the rules before they can access your network. This particularly true for BYOD users. For example, if you have a policy in place for remotely wiping a smartphone that has been compromised, lost, or stolen, your users need to be aware of the policy and opt-in before they are allowed to access your network with their personal smartphone.
Mobile Device Management
To help ensure employees using smartphones do not breach policies accessing corporate resources, many organizations deploy mobile device management (MDM) technology. MDM provides a central interface for managing and securing data and applications used by mobile endpoint devices going in and out of your organization. Administrators can track resources being accessed by mobile devices, as well as locate, lock, and potentially wipe compromised devices with MDM. It can be leveraged for both company-owned and BYOD devices; however, MDM is particularly useful to organizations with BYOD policies for detecting and non-authenticating smartphones that are jail-broken or have risky apps.
Educating Your Workforce
In addition to implementing and enforcing organizational policies, educating your workforce about smartphone security risks and what they can do to mitigate risk is a crucial part of your smartphone security strategy. Here are some best practices your users can follow to make their devices and your network more secure:
- Make sure you purchase a phone from a manufacturer who consistently releases updates.
- Password protect or use biometric access to your phone.
- Use two-factor authentication on the applications that you use on the phone.
- Only download and install applications from a trusted source.
- Use device encryption. This protects any confidential data that resides on the device.
- Use anti-virus software. This will protect your device from known viruses and malware.
- Turn off connections when you don’t need them or are not using them especially wi-fi and Bluetooth.
- Uninstall unused applications.
- Set up the ability to wipe the device remotely. One in 10 smartphone owners are the victims of phone theft. Having this wipe ability will protect the data that is stored on the device.
- Be suspicious of free download offers
- Never jailbreak or root a mobile device. This allows malicious software to easily gain access to the operating system.
- Patch system as soon as you are alerted. This keeps the system current and better protected.
- Use a Virtual Private Network (VPN) service when transmitting data.
- Backup the contents of your phone in case you need to restore them after an attack.
- Check the privacy setting on any new applications that you install. Some must access personal information to complete their processes. Be sure the application is trusted before allowing this type of access or find an alternative solution if this information is not needed for the application.
- Always check around you before you leave a place. Ask yourself—do I have my cell phone and my wallet? On average, a person loses their phone about once a year. Try not to be part of this statistic.
- Report lost or stolen smartphones to your carrier immediately to prevent fraud and deactivate the phone’s data connection.
- Use “find my device” apps such as Find my iPhone and Google’s find my device to locate lost or stolen smartphones. It is best to get local law enforcement involved to help retrieve stolen smartphones.
- Turn on Limit Ad Tracking. This increases your privacy on your mobile device and limits the amount of app and mobile web ads.
- Do not provide your device’s IMEI (International Mobile Equipment Identity) or MEID (Mobile Equipment Identifier) number to anyone posing as a telecommunications or other vendor unless you know them or called them using a valid phone number.
As the use of smartphones continues to increase, more and more workers will expect to use them for professional as well as personal purposes. Many workers will forego computers altogether and rely on their smartphones for connectivity. Now is the time to get your smartphone policies implemented. Make sure your policies are clearly communicated to all your users. It’s also time to educate your users on the risks that smartphones pose to your organization and how they can play a part in reducing those risks.
If you need help developing smartphone policies for your organization, or you would like to learn more about MDM solutions and how they integrate into your overall security and enforcement strategies contact Cerium and speak with and expert.